People, Process & Technology
In addition to the areas above, we also assist clients with security concerns
around some of the newer focus areas such as IoT solutions, Big Data offerings,
and containers.
Security is a very complex topic that touches every aspect of the organization.
Technology alone is not a sufficient answer to a comprehensive security pos-
ture problem.
People
It’s all about the people. One can make an argument that technology is easy,
and, to a certain extent, it is. Changing people, their culture and mentality is
more challenging. We help our clients get past the Fear, Uncertainty, and Doubt
(FUD) stage and educate them on all aspects of cloud security. We also work
with internal security and compliance groups to figure out what skills and hab-
its they need to acquire (or drop) in order to do their job more effectively on the
cloud.
Process
As the saying goes, there’s no point in doing things right if you’re not doing the
right things. Quite often we hear from clients: “Yes, but this is how we do it
now.” Everyone has a natural tendency to compare future state to the current
state because current state is well understood and people are comfortable
with it. But you should change your mindset away from “How we do it” to “Why
we do it?” Presumably, you’re performing a process to achieve a certain objec-
tive. Success is measured by reaching the objective, regardless of process. And
some processes are different on the cloud due to inherent differences in oper-
ational mode, not to mention the ever-expanding level of automation available.
We help our clients work through those challenges and establish appropriate
processes and procedures on AWS to satisfy their objectives.
Technology
“He who dies with the most toys wins!” Is this still true? We think not. When we
work with our clients, we quite often discover a plethora of on-premise tools
from CA, HP, IBM, BMC, etc. Most enterprises typically acquired numerous
tools and point-solutions over the years to address various needs. But not all of
those tools are well suited for the cloud. Some are plain unnecessary since AWS
might already have certain capabilities right out of the box. We help our clients
rationalize their technology footprint on the cloud to achieve the security
objectives they need. We help them rationalize their existing tools and recom-
mend new “cloudy” ones that are a better fit for their goals.
We accomplish all these things via the capabilities we’ve built into our Security
and Governance Practice.
FALL 2017 | THE DOPPLER | 15